We have recently had this complain from our various Shared hosting as well as Dedicated Server hosting clients that MSSQL Webadmin ASP .NET Enterprise Manager is having a virus / trojan on it. When the first complain arrived we too thought that there seems to be a problem with the server and might be MSSQL Webadmin ASP .NET Enterprise Manager has got an injection in it. But after receiving too many complains from most of our dedicated server clients we started investigating the problem and now we knew that this is something that has happen globally. After viewing MSSQL Webadmin ASP .NET Enterprise Manager on Plesk server it looked as the picture below:

We understood that the problem was not with the mssql.domain_name link but the virus alert only happened after click on ASP .NET Enterprise Manager, Recomended this site. And the link was:

www.referralplanet.com/referral/windows/referralWindow.asp?id=17

Since the site was not hosted with us we had a sigh of relief that the problem is not with the server however we thought we still have a security problem if the link has been injected into ASP .NET Manager site in IIS, may be due to a security issue with Plesk control panel. And after checking several servers we came to know that the problem has happened to the site that is recommended on MSSQL Webadmin site and not the server.

If you want to remove this link from your server as well as from the MSSQL WebAdmin site then follow the steps below:

1. Login into the server through RDP with Administrator user.
2. Go to D:\inetpub\vhosts\sqladmin\mssql\app
3. Open the navbar.aspx page in notepad
4. Go to line number 119 and remove the code below:

<!-- Begin ReferralPlanet.com Referral Script -->
<a onclick="refWindow=window.open('http:// www.referralplanet.com/referral/windows/referralwindow.asp?id=18','referralWindow' ,'width=350,height=520,scrollbars=yes,menubar=no,resizable=yes'); refWindow.focus(); return false;" target=_blank href="http:// www.referralplanet.com/referral/windows/referralWindow.asp?id=17">
<IMG alt="Click Here To Tell A Friend" src="images/tellafriend.gif" border=0></A>
<!-- Begin ReferralPlanet.com Referral Script -->

5. Save the file and exit.

This problem must have infected millions of computer in the world. Let see when chinese hacker stop putting their shit on other’s website and get mature.

The architecture of Microsoft MSSQL Server is mainly divided into three components:

1. SQLOS: which implements the basic services required by MS SQL Server, including thread scheduling, I/O stat management and memory management.

2. Relational Engine: which implements the relational database components including support for databases, tables, queries and stored procedures as well as implementing the type system.

3. Protocol Layer: which exposes the MS SQL Server functionality.

SQLOS

SQLOS is the base component in the Windows SQL Server architecture. It implements functions normally associated with the Operating System, thread scheduling, memory management, I/O management, buffer pool management, resource management, synchronization primitives and locking, and deadlock detection. Because the requirements of Windows SQL Server are highly specialized, it implements its own memory and thread management system, rather than using the generic one implemented in the OS. SQLOS also includes synchronization primitives for locking as well as monitoring for the worker threads to detect and recover from deadlocks.

more…

Clustering in Windows 2003 Dedicated or Shared hosting is a means of providing High Availability to your applications and websites. Clustering is a group of machines acting as a single entity to provide resources and services to the network. In time of failure, a fail over will occur to a system in that group that will maintain availability of those resources to the network. You can be alerted to the failure, repair the system failure, and bring the system back online to participate as a provider of services once more. You learn about many forms of Windows clustering. Clustering in Windows 2003 hosting can allow for failover to other systems and it can also allow for load balancing between systems. Load balancing in Windows 2003 hosting is using a device, which can be a server or an appliance, to balance the load of traffic across multiple servers waiting to receive that traffic. The device sends incoming traffic based on an algorithm to the most underused machine or spreads the traffic out evenly among all machines that are on at the time. A good example of using this technology would be if you had a web site that received 2,000 hits per day. If, in the months of November and December, your hit count tripled, you might be unable to sustain that type of increased load. Your customers might experience time outs,
more…

Some times Configuring MSDTC and their error can ruin your Windows Cluster service and your time as well. You may get one of the following error when you failover the MSDTC service from one Dedicated node to another.

This would only happen if the Cluster services has been installed before installing and configuring MSDTC Service. Hence it is highly recommended that you first install and configure MSDTC and then configure the Windows Cluster Service.

Event ID: 4097
Description:
MS DTC started with the following settings: Security Configuration (OFF = 0 and ON = 1): Network Administration of Transactions = 1, Network Clients = 0, Distributed Transactions using Native MSDTC Protocol = 1, Transaction Internet Protocol (TIP) = 0, XA Transactions = 1.

OR

Event ID: 4395
Description:
MSDTC detected that MSDTC related information in the local registry is different from that in the shared cluster registry. Error Specifics: d:ntcomcom1xdtcsharedmtxclumtxclusetuphelper.cpp:541, CmdLine: C:WINNTSystem32msdtc.exe, Pid: 796
Data:
0000: 05 40 00 80 .@.?

OR

Event ID: 4384
Description:
MS DTC was unable to start because the installation was not configured to run on a cluster. Please run comclust.exe and restart MS DTC. Error Specifics: d:ntcomcom1xdtcsharedmtxclumtxclusetuphelper.cpp:668, CmdLine: C:WINNTSystem32msdtc.exe, Pid: 796

OR

Event ID : 7024
Source : Service Control Manager
Description: The MSDTC service terminated with service specific error 3221229584.

Initially you should try and run the command below and check if it solves the problem:

msdtc -resetlog

If that does not help then follow the fix below:

more…

This checklist helps you prepare for installation. It is very important to go through all of them else it make it very difficult to restart if either one of them is missed or not configured:

Software Requirements

•    Microsoft Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition installed on all dedicated servers in the cluster.
•    A name resolution method such as Domain Name System (DNS), DNS dynamic update protocol, Windows Internet Name Service (WINS), HOSTS, and so on.
•    An existing domain model.
•    All nodes must be members of the same domain.
•    A domain-level account that is a member of the local administrators group on each node. A dedicated account is recommended.

Hardware Requirements

•    Clustering hardware must be on the cluster service Hardware Compatibility List (HCL). To find the latest version of the cluster service HCL, go to the Windows Hardware Compatibility List at http://www.microsoft.com/hcl/, and then search for cluster. The entire solution must be certified on the HCL, not just the individual components.

more…

Group Policy is a core part of Microsoft’s IntelliMirror technology.You can use Group Policy to manage all aspects of the Server environment for Windows Server, including Registry settings, software installation, scripts, security settings, and so on.The possibilities of what can be done with Group Policy are almost limitless.With VBScript or Jscript, you can write entire applications to execute via Group Policy.You can install software automatically across the network and apply patches to applications. When deciding on the Group Policies you plan to enforce on your network, you should keep in mind that the more policies applied, the more network traffic, and hence the longer it could take for users to log onto the network. Group policies are stored in Active Directory as Group Policy Objects (GPO).These objects are the instructions for the management task to perform. Group Policy is implemented in four ways:

Local Group Policy:
Using local Group Policy involves setting up Group Policy on the local machine.This is not very useful for managing computers on a network. Local Group Policy is configured on the local computer.

Site Group Policy:

more…

The clustered nodes use a “heartbeat” signal to check whether each node is alive, at both the operating system level and the SQL Server level. At the operating system level, the nodes in the cluster are in constant communication, validating the health of all the nodes.

After installing a SQL Server failover cluster, the node hosting the SQL Server resource uses the Service Control Manager to check every 5 seconds whether the SQL Server service appears to be running. This “LooksAlive” check does not impact the performance of the system, but also does not do a thorough check; the check will succeed if the service appears to be running even though it might not be operational. Because the LooksAlive check does not do a thorough check, a deeper check must be done periodically; this “IsAlive” check runs every 60 seconds.

The IsAlive check runs a SELECT @@SERVERNAME Transact-SQL query against SQL Server to determine whether the server can respond to requests. Although a reply to the IsAlive query confirms that the SQL Server service is available for requests, it does not guarantee that all user databases are available, or that the user databases are operating within necessary performance/response-time requirements.

more…

Using Certificates to Encrypt Data

Certificates are parallel with asymmetric keys in the SQL Server 2005 encryption hierarchy. A certificate is simply a method of using asymmetric encryption. Certificates bind public keys to individuals who hold the associated private key. Certificates use the same RSA algorithm as asymmetric keys; therefore, they are resource-intensive and their use is normally restricted to encrypting other keys. SQL Server contains an integrated certificate authority, which it uses to issue its own selfsigned, and industry standard X.509 certificates. Alternatively, you can import certificates from an external certificate authority.The use of external certificates allows you to use a wider range of key lengths, which can provide enhanced security. Certificates are the most secure way in which to encrypt data natively within SQL Server 2005.You can use the CREATE CERTIFICATE statement to create a certificate within SQL Server 2005.

The common syntax of the CREATE CERTIFICATE statement is as follows:

CREATE CERTIFICATE CERTIFICATE_NAME [AUTHORIZATION USER_NAME]
{FROM FILE = ‘PATH_TO_PRIVATE_KEY’
WITH PRIVATEKEY [, ENCRYPTION BY PASSWORD = 'PASSWORD' |
, DECRYPTION BY PASSWORD = 'PASSWORD']}
WITH SUBJECT = CERTIFICATE_SUBJECT_NAME, |
[START_DATE = MM/DD/YYYY
END_DATE = MM/DD/YYYY]

Here are definitions of the arguments in this syntax:

more…

EFS Encryption

EFS can be used to encrypt SQL Server 2005 data files and folders. EFS is supported on Windows 2000 and later operating systems with New Technology File Systems (NTFS) formatted drives. EFS uses a combination of symmetric and asymmetric methods to provide transparent SQL Server 2005 data encryption. On Windows 2003 Server and newer operating systems, EFS by default creates a random File Encryption Key, which is a 256-bit AES key to perform data encryption.The File Encryption Key is then itself encrypted with the user’s public key and stored within the encrypted file or folder.

To encrypt SQL Server 2005 data files and folders using EFS, follow these steps:

1. Stop the SQL Server service.
2. Log out and log in using the SQL Server service account credentials.
3. Right-click on the file or folder to be encrypted and select Properties | General Tab | Advanced.

more…

Why Secure Data in your Windows MSSQL database?

Databases often contain sensitive financial, healthcare, and corporate data. As mentioned earlier, data security breaches are occurring at an alarming rate and international legislations have been passed, which set regulations on how organizations must protect this sensitive data. The Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Personal Information Protection and Electronic Documents Act (PIPEDA), Gramm-Leach-Bliley Act (GLBA), and the UK Data Protection Act are just a few of these regulations. Several regulations require that sensitive data be encrypted and that organization’s must identify and report data disclosure or misuse. If these regulations are not followed, organizations can face serious repercussions, ranging from financial penalties to imprisonment of responsible parties. Depending on the nature of your business, the above regulations may not apply, but before you discount the need to encrypt data consider that sensitive information can also include corporate information including confidential HR data, trade secrets, patents, designs, or client listings, which, if disclosed to unauthorized individuals, could have a grave impact on your organization. At this point you may be wondering,“why not just encrypt all data using a secure algorithm?” instead of determining specifically what data elements require encryption.The answer is that there is a  significant performance impact when encrypting data, as SQL Server must perform authentication, encryption, and decryption functions seamlessly to encrypt and decrypt the data. In addition, there are several other side effects associated with data encryption, which we will touch on later in this chapter. For these reasons, you should use data encryption only when required and only on the required data elements.

Ways to encrypt data in MSSQL 2005:

EFS Encryption
Native SQL Server 2005 Encryption
Using Keys to Encrypt Data
Using Certificates to Encrypt Data
Using Pass Phrases to Encrypt Data
Working with Data Encrypted
Indexing Encrypted Data
Replicating Encrypted Data
Symmetric Key Usage Tracking
Replicating Encrypted Stored
Using Endpoint Encryption